CVE-2001-1377

Description

Multiple RADIUS implementations do not properly validate the Vendor-Length of the Vendor-Specific attribute, which allows remote attackers to cause a denial of service (crash) via a Vendor-Length that is less than 2.

Affected products

freeradius / freeradius0.2 – 0.2
freeradius / freeradius0.3 – 0.3
gnu / radius0.92.1 – 0.92.1
gnu / radius0.93 – 0.93
gnu / radius0.94 – 0.94
gnu / radius0.95 – 0.95
icradius / icradius0.14 – 0.14
icradius / icradius0.15 – 0.15
icradius / icradius0.16 – 0.16
icradius / icradius0.17 – 0.17
icradius / icradius0.17b – 0.17b
icradius / icradius0.18 – 0.18
icradius / icradius0.18.1 – 0.18.1
livingston / radius2.0 – 2.0
livingston / radius2.0.1 – 2.0.1
livingston / radius2.1 – 2.1
lucent / radius2.0 – 2.0
lucent / radius2.0.1 – 2.0.1
lucent / radius2.1 – 2.1
miquel_van_smoorenburg_cistron / radius1.6.1 – 1.6.1
miquel_van_smoorenburg_cistron / radius1.6.2 – 1.6.2
miquel_van_smoorenburg_cistron / radius1.6.3 – 1.6.3
miquel_van_smoorenburg_cistron / radius1.6.4 – 1.6.4
miquel_van_smoorenburg_cistron / radius1.6.5 – 1.6.5
miquel_van_smoorenburg_cistron / radius1.6_.0 – 1.6_.0
openradius / openradius0.8 – 0.8
openradius / openradius0.9 – 0.9
openradius / openradius0.9.1 – 0.9.1
openradius / openradius0.9.2 – 0.9.2
openradius / openradius0.9.3 – 0.9.3
radiusclient / radiusclient0.3.1 – 0.3.1
xtradius / xtradius1.1_pre1 – 1.1_pre1
xtradius / xtradius1.1_pre2 – 1.1_pre2
yard_radius / yard_radius1.0.17 – 1.0.17
yard_radius / yard_radius1.0.18 – 1.0.18
yard_radius / yard_radius1.0.19 – 1.0.19
yard_radius / yard_radius1.0_pre13 – 1.0_pre13
yard_radius / yard_radius1.0_pre14 – 1.0_pre14
yard_radius / yard_radius1.0_pre15 – 1.0_pre15
yard_radius_project / yard_radius1.0.16 – 1.0.16

Description

Affected products

References